Amendments to Specification

Please replace paragraph [0096] (the Abstract of the Disclosure) with the following amended 
paragraph: 

[0096] Methods, apparatuses and systems facilitating enhanced classification of network traffic.
As discussed above, typical mechanisms that classify network traffic analyze explicitly
presented or readily discoverable attributes of individual packets against an application
signature, such as a combination of protocol identifiers, port numbers and text strings. The
present invention that extends beyond analysis of explicitly presented packet attributes
and holistically analyzes data flows, and in some implementations, [illegible]
known application behavior patterns to classify the data flows. Implementations of the present
invention facilitate the classification of encrypted or compressed network traffic, or where the
higher layer information in the data flows are formatted according to a non-public or
proprietary protocol. In one embodiment, the enhanced classification functionality analyzes the
behavioral attributes of encrypted data flows against a knowledge base of known application
behavior patterns to classify the data flows. In one embodiment, the enhanced classification
mechanisms described herein operate seamlessly with other Layer 7 traffic classification
mechanisms that operate on attributes of the packets themselves. Implementations of the
present invention can be incorporated into a variety of network devices, such as traffic
monitoring devices, packet capture devices, firewalls, and bandwidth management devices.

Please replace paragraph [0021] with the following amended paragraph:
[0021] Efficient allocation of network resources, such as available network bandwidth, has
become critical as enterprises increase reliance on distributed computing environments and
wide area computer networks to accomplish critical tasks. The widely-used Transport Control
Protocol (TCP)/Internet Protocol (IP) protocol suite, which implements the world-wide data
communications network environment called the Internet and is employed in many local area
networks, omits any explicit supervisory function over the rate of data transport over the
various devices that comprise the network. While there are certain perceived advantages, this
characteristic has the consequence of juxtaposing very high-speed packets and very low-speed
packets in potential conflict and produces certain inefficiencies. Certain loading conditions
degrade performance of networked applications and can even cause instabilities which could
lead to overloads that could stop data transfer temporarily.

Please replace paragraph [0025] with the following amended paragraph:
[0025] A crude form of bandwidth management in TCP/IP networks (that is, policies operable
to allocate available bandwidth from a single logical link to network flows) is accomplished by a
combination of TCP end systems and routers which queue packets and discard packets when
some congestion threshold is exceeded. The discarded and therefore unacknowledged packet
serves as a feedback mechanism to the TCP transmitter. Routers support various queuing
options to provide for some level of bandwidth management. These options generally provide a
rough ability to partition and prioritize separate classes of traffic. However, configuring these
queuing options with any precision or without side effects is in fact very difficult, and in some
cases, not possible. Seemingly simple things, such as the length of the queue, have a profound
effect on traffic characteristics. Discarding packets as a feedback mechanism to TCP end
systems may cause large, uneven delays perceptible to interactive users. Moreover, while
routers can slow down inbound network traffic by dropping packets as a feedback mechanism
to a TCP transmitter, this method often results in retransmission of data packets, wasting
network traffic and, especially, inbound capacity of a Wide Area Network (WAN) link. In
addition, routers can only explicitly control outbound traffic and cannot prevent inbound traffic
from over-utilizing a WAN link. A 5% load or less on outbound traffic can correspond to a
100% load on inbound traffic, due to the typical imbalance between an outbound stream of
acknowledgments and an inbound stream of data.

Please replace paragraph [0026] with the following amended paragraph:
[0026] In response, certain data flow rate control mechanisms have been developed to provide a
means to control and optimize efficiency of data transfer as well as allocate available bandwidth
among a variety of business enterprise functionalities. For example, U.S. 6,038,216 discloses a
method for explicit data rate control in a packet-based network environment without data rate
supervision. Data rate control directly moderates the rate of data transmission from a sending
host, resulting in just-in-time data transmission to control inbound traffic and reduce the
inefficiencies associated with dropped packets. Bandwidth management devices allow for
explicit data rate control for flows associated with a particular traffic classification. For
example, U.S. 6,412,000, above, discloses automatic classification of network traffic for use in
connection with bandwidth allocation mechanisms. U.S. Pat. No. 6,046,980 discloses systems
and methods allowing for application layer control of bandwidth utilization in packet-based
computer networks. For example, bandwidth management devices allow network
administrators to specify policies to control and/or prioritize the bandwidth allocated
to individual data flows according to traffic classifications. In addition, certain bandwidth
management devices, as well as certain routers, allow network administrators to specify
aggregate bandwidth utilization controls to divide available bandwidth into partitions. With
some network devices, these partitions can be configured to ensure a minimum bandwidth
and/or cap bandwidth as to a particular class of traffic. An administrator specifies a traffic class
(such as File Transfer Protocol (FTP) data, or data flows involving a specific user) and the size
of the reserved virtual link, i.e., minimum guaranteed bandwidth and/or maximum bandwidth.
Such partitions can be applied on a per-application basis (protecting and/or capping bandwidth
for all traffic associated with an application) or a per-user basis (controlling, prioritizing,
protecting and/or capping bandwidth for a particular user). In addition, certain bandwidth
management devices allow administrators to define a partition hierarchy by configuring one or
more partitions dividing the access link and further dividing the parent partitions into one or
more child partitions. While the systems and methods discussed above that allow for traffic
classification and application of bandwidth utilization controls on a per-traffic-classification
basis operate effectively for their intended purposes, they possess certain limitations. As
discussed more fully below, identification of traffic types associated with data flows traversing
an access link involves the application of matching criteria or rules to explicitly presented or
readily discoverable attributes of individual packets against an application signature which may
comprise a protocol identifier (e.g., TCP, HyperText Transport Protocol (HTTP), User
Datagram Protocol (UDP), Multipurpose Internet Mail Extensions (MIME) types, etc.), a port
number, and even an application-specific string of text in the payload of a packet. After
identification of a traffic type corresponding to a data flow, a bandwidth management device
associates and subsequently applies bandwidth utilization controls (e.g., a policy or partition)
to the data flow corresponding to the identified traffic classification or type. Accordingly,
simple changes to an application, such as a string of text appearing in the payload or the use of
encryption text may allow the application to evade proper classification and corresponding
bandwidth utilization controls or admission policies.